SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 34 Next »

Scope minimization helps developers to avoid common programming errors, improves code readability by tying together the declaration and actual use of a variable, and improves maintainability because unused variables are more easily detected and removed.

Noncompliant Code Example

This noncompliant code example shows a variable that is declared outside the for loop. This reduces reusability because the value of the loop index i will have changed after the for statement. Consider for instance, the case when this code snippet is copied and pasted with the intent to use a different index j. If index variable change is omitted, the new loop would then attempt to iterate over index i. Unexpected behavior may follow because i remains in scope.

public class Scope {
  public static void main(String[] args) {
    int i = 0;
    for(i = 0; i < 10; i++) {
      // Do operations
    }
  }
}

Compliant Solution

Minimize the scope of variables where possible, for example by declaring loop indexes within the for statement. 

public class Scope {
  public static void main(String[] args) {
    for(int i = 0; i < 10; i++) { //contains declaration
      // Do operations
    }
  }
}

Additionally, methods should be designed to perform only one operation if possible. This reduces the need for variables existing in overlapping scopes and consequently, helps prevent errors.

Risk Assessment

Using a larger scope than what is necessary results in less reliable code.

Guideline

Severity

Likelihood

Remediation Cost

Priority

Level

SCP00-J

low

unlikely

medium

P2

L3

Automated Detection

Detecting local variables that are declared in a larger scope than is required by the as-written code is straightforward, and can avoid any possibility of false positives.

Detecting multiple for statements that use the same index variable is straightforward; it will produce false positives in the unusual case where this was intended by the programmer.

Other Languages

This guideline appears in the C Secure Coding Standard as DCL19-C. Use as minimal a scope as possible for all variables and functions.

This guideline appears in the C++ Secure Coding Standard as DCL07-CPP. Use as minimal scope as possible for all variables and methods.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this guideline on the CERT website.

Bibliography

[[Bloch 2001]] Item 29, Minimize the scope of local variables
[[JLS 2005]] Section 14.4.2, Scope of Local Variable Declarations

05. Scope (SCP)      05. Scope (SCP)      SCP01-J. Do not increase the accessibility of overridden or hidden methods

  • No labels